execute a file
() transforms the calling process into
a new process. The new process is constructed from an ordinary file, whose
name is pointed to by path
, called the
new process file
. This file is either an
executable object file, or a file of data for an interpreter. An executable
object file consists of an identifying header, followed by pages of data
representing the initial program (text) and initialized data pages. Additional
pages may be specified by the header to be initialized with zero data; see
An interpreter file begins with a line of the form:
When an interpreter file is passed to
() the system instead calls
() with the specified
. If the optional
is specified, it becomes the first argument
to the interpreter
, and the original
becomes the second argument; otherwise,
becomes the first argument. The original
arguments are shifted over to become the subsequent arguments. The zeroth
argument, normally the name of the file being executed, is left unchanged.
The argument argv
is a pointer to a
null-terminated array of character pointers to NUL-terminated character
strings. These strings construct the argument list to be made available to the
new process. At least one non-null argument must be present in the array; by
custom, the first element should be the name of the executed program (for
example, the last component of path
The argument envp
is also a pointer to a
null-terminated array of character pointers to NUL-terminated strings. A
pointer to this array is normally stored in the global variable
. These strings pass information to
the new process that is not directly an argument to the command (see
File descriptors open in the calling process image remain open in the new
process image, except for those for which the close-on-exec flag is set (see
Descriptors that remain open are unaffected by
(). In the case of a new setuid or
setgid executable being executed, if file descriptors 0, 1, or 2 (representing
stdin, stdout, and stderr) are currently unallocated, these descriptors will
be opened to point to some system file like
. The intent is to ensure these
descriptors are not unallocated, since many libraries make assumptions about
the use of these 3 file descriptors.
Signals set to be ignored in the calling process, with the exception of
, are set to be ignored in the new
process. Other signals are set to default action in the new process image.
Blocked signals remain blocked regardless of changes to the signal action. The
signal stack is reset to be undefined (see
If the set-user-ID mode bit of the new process image file is set (see
effective user ID of the new process image is set to the owner ID of the new
process image file. If the set-group-ID mode bit of the new process image file
is set, the effective group ID of the new process image is set to the group ID
of the new process image file. (The effective group ID is the first element of
the group list.) The real user ID, real group ID and other group IDs of the
new process image remain the same as the calling process image. After any
set-user-ID and set-group-ID processing, the effective user ID is recorded as
the saved set-user-ID, and the effective group ID is recorded as the saved
set-group-ID. These values may be used in changing the effective IDs later
set-user-ID and set-group-ID bits have no effect if the new process image file
is located on a file system mounted with the nosuid flag. The process will be
started without the new permissions.
The new process also inherits the following attributes from the calling process:
When a program is executed as a result of an
() call, it is entered as follows:
main(int argc, char **argv, char **envp)
is the number of elements in
(the “arg count”) and
points to the array of character
pointers to the arguments themselves.
() function overlays the current
process image with a new process image the successful call has no process to
return to. If
() does return to the
calling process an error has occurred; the return value will be -1 and the
global variable errno
is set to indicate the
() will fail and return to the calling
- A component of the path prefix is not a directory.
- A component of a pathname exceeded
NAME_MAX characters, or an entire
pathname (including the terminating NUL) exceeded
- The new process file does not exist.
- Too many symbolic links were encountered in translating the pathname.
- Search permission is denied for a component of the path prefix.
- The new process file is not an ordinary file.
- The new process file mode denies execute permission.
- The new process file is on a filesystem mounted with execution disabled
- The new process file has the appropriate access permission, but has an
invalid magic number in its header.
- The new process file is a pure procedure (shared text) file that is
currently open for writing or reading by some process.
- The new process requires more virtual memory than is allowed by the
- The number of bytes in the new process's argument list is larger than the
system-imposed limit. The limit in the system as released is 262144 bytes
- The new process file is not as long as indicated by the size values in its
envp point to an illegal address.
- argv did not contain at least one
- An I/O error occurred while reading from the file system.
- During startup of an interpreter, the system
file table was found to be full.
() function is expected to conform
to IEEE Std 1003.1-2008
The predecessor of these functions, the former
() system call, first appeared in
Version 1 AT&T UNIX
() function first appeared in
Version 7 AT&T UNIX
If a program is setuid
to a non-superuser, but is
executed when the real uid
“root”, then the process has some of the powers of a superuser
IEEE Std 1003.1-2008
as ignored in the new process;
portable programs cannot rely on
resetting it to the default disposition.